DOCSLIB.ORG

A Simple Encryption Algorithm

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Simple Encryption Algorithm 1 A Simple Encryption Algorithm 2 Joseph Keenan St. Pierre 3 Worcester Polytechnic Institute 4 Corresponding author: 5 Joseph Keenan St. Pierre 6 Email address: [email protected] 7 ABSTRACT In this paper I present a Simple Encryption Algorithm (SEAL), by which 128-bit long blocks can be quickly encrypted/decrypted. The algorithm is designed to run efficiently in software without any specialized hardware while still guaranteeing a strong degree of confidentiality. The cipher is composed entirely of simple bit-wise operations, such as the exclusive-or and circular shift, in addition to modular addition, thereby making it exceedingly easy to implement in most programming languages as well as efficient in terms of performance. 8 INTRODUCTION 9 SEAL is a symmetric key block cipher that permutes a 128-bit block against a 128-bit key. Based off of 10 statistical analysis, the cipher’s output exhibits strong avalanche effects as well as uniform distribution. 11 Furthermore, as the name suggests, SEAL’s implementation in software is lightweight, straightforward, 12 and requires minimal overhead. 13 ENCRYPTION PROCEDURE 14 Below is the encryption procedure for SEAL written in the C programming language: 15 16 /*Substitute the bytes ofa block chunk with the SEALS-Box */ 17 void S(uint32_t *block_chunk){ 18 for(int i = 0; i < 4; i++){ 19 uint8_t byte = (uint8_t)(*block_chunk >> 8*i); 20 *block_chunk = *block_chunk & ˜(0xFF << 8*i); 21 *block_chunk |= ((uint32_t)sbox[byte] << 8*i); 22 } 23 } 24 /*Encryptsa 128-bit block againsta 128-bit key using SEAL */ 25 void seal_encrypt(uint32_t *block, uint32_t *key){ 26 /*The carry chunk used for rotation and feeding*/ 27 uint32_t carry = 0; 28 29 /*Perform8 rounds of encryption */ 30 for(int i = 0; i < 8; i++){ 31 //Substitute first chunk and XOR against key and round number 32 S(&block[0]); block[0] ˆ= key[i%4] ˆ i; carry = block[0]; 33 34 //Feed carry chunk through subsequent block chunks 35 block[1] += carry; carry = block[1]; 36 carry = (carry >> 11) | (carry << 21);//Rotate carry chunk 37 38 block[2] += carry; carry = block[2]; 39 carry = (carry >> 11) | (carry << 21); 40 41 block[3] += carry; carry = block[3]; 42 carry = (carry >> 11) | (carry << 21); PeerJ Preprints | https://doi.org/10.7287/peerj.preprints.3128v3 | CC BY 4.0 Open Access | rec: 15 Aug 2017, publ: 15 Aug 2017 43 44 //Rotate block chunks 45 block[3] = block[2]; block[2] = block[1]; 46 block[1] = block[0]; block[0] = carry; 47 } 48 49 S(&block[0]); S(&block[1]);//Substitute chunks again 50 S(&block[2]); S(&block[3]); 51 52 for(int i = 0; i < 4; i++)//Perform"locking" round 53 block[i] ˆ= key[i];//XOR chunks against key 54 } 55 56 SUBSTITUTION BOX 57 For added reference, below is the 16x16 lookup table used by the S-box to substitute the bytes of a block 58 chunk. This table was generated randomly using a brute-force algorithm for finding a substitution box 59 with strong avalanche effect. Any lookup table will suffice provided it too has good bit distributions 60 and a strong avalanche effect. A byte is substituted by taking its hexadecimal value, reading its first and 61 second digit which correspond to a row and column respectively, and replacing said byte with the value 62 located at the corresponding cell. For example, the hexadecimal value ”ab” would be substituted with 63 ”67” according to the provided table. 64 Table 1. S-box S 0 1 2 3 4 5 6 7 8 9 a b c d e f 0 bc 7d 7b 93 01 15 30 21 a5 d6 f8 9b 48 db ce 29 1 61 b3 34 03 b1 d7 53 98 52 f3 bb ab b2 2d 2a eb 2 08 02 0c cb b0 9e 8f 96 40 92 e9 6e 58 6d 44 06 3 88 1c 1f 65 91 85 66 45 9d 4a b9 8d 20 ca a0 19 4 5d 5b 12 25 cc 9c 43 a2 50 da b4 f9 4f 69 17 4b 5 04 6c 11 dd 73 16 df 41 3a 5f 74 47 09 18 fe 99 6 84 62 00 0d 64 7c d5 72 e1 e5 24 ee 4d f2 3d 2c 65 7 26 3b 42 3f c2 7a d3 1d 57 0b fa 75 d0 c4 ec fb 8 0e e3 90 80 ff 0a 4e 2f d9 2e c8 e6 1b 94 55 9a 9 f5 60 79 d2 71 cf dc ad f7 7f c0 05 6b af 38 7e a d8 35 70 c9 aa 83 a6 d1 39 e0 6a 67 a4 5a 13 8b b f0 fc e7 c6 a3 97 c3 5e c7 63 46 ba 37 ea 77 c1 c cd 4c 33 bf 28 76 b5 b7 f4 ed 5c fd 68 ae e4 78 d e2 1e 2b ac 59 36 be 6f 1a b6 9f 22 87 8c 10 31 e 82 a9 07 f6 86 23 e8 95 54 a8 82 8a a1 49 f1 b8 f d4 3e 0f de 3c 8e 56 c5 27 89 14 bd 51 a7 32 ef 66 OVERVIEW AND DESIGN RATIONALE 67 The cipher is a form of substitution-permutation network whereby both the block and the key are divided 68 into equal 32-bit chunks. Through the combined usage of modular additions, circular shifts, and the 69 XOR, a high degree of non-linearity is achieved. Prior to the start of each round, the round-key is XOR’d 70 against the round number; this is done in order to protect the cipher against slide attacks by removing 71 the symmetry of the internal rounds. The substitution boxes are included in order to rapidly introduce 72 the avalanche effect resulting from a minor change in the input block. Furthermore, to ensure that any 73 change in the key results in a major change in the output, at least eight rounds of encryption are required; 74 however, if additional security is needed, the number of rounds can be scaled up provided that the number 75 of rounds is a multiple of four. This guarantees that each chunk of the key is used the same number of 76 times thereby preventing any bias from emerging. Lastly, in order to obfuscate the internal permutations 77 of the block, the entire block is substituted and XOR’d against the key in a final ”locking” round. 2/7 PeerJ Preprints | https://doi.org/10.7287/peerj.preprints.3128v3 | CC BY 4.0 Open Access | rec: 15 Aug 2017, publ: 15 Aug 2017 78 SEAL has been specifically designed for efficiency in software without the need for dedicated 79 hardware. For this reason, there is no key schedule in the default implementation presented here as such 80 an additional process unnecessarily slows the rate of encryption. This omission is justified on the basis 81 that the statistical analysis of the cipher’s output distribution and avalanche effect showed no conclusive 82 advantage to using SEAL with a key schedule as opposed to using the same key repeatedly. That being 83 said, if performance is not a concern, a key schedule could easily be implemented and used alongside 84 SEAL if one so desired. 85 CIPHER DIAGRAM 86 Below is an overall outline of the SEAL cipher: Figure 1. SEAL Cipher Digram 3/7 PeerJ Preprints | https://doi.org/10.7287/peerj.preprints.3128v3 | CC BY 4.0 Open Access | rec: 15 Aug 2017, publ: 15 Aug 2017 87 ANALYSIS 88 Substitution Box 89 The primary function of an S-box is to remove the linear relationship between a plaintext-ciphertext 90 pair produced by a cryptographic function. In order to effectively accomplish this task, it is imperative 91 that an S-box does not have any strong differential characteristics that could be feasibly exploited by 92 cryptanalysis. 93 The S-box articulated in this paper was produced via a brute-force algorithm that searched for a 94 16x16 lookup table that followed an avalanche criterion in addition to possessing only weak differential 95 characteristics; as such, the best differential characteristic across the SEAL S-box, (e5 ! 8f), only holds 96 true with a probability of 0.023438. 97 While the S-boxes produced by this algorithm are probably not secure enough to resist an extensive 98 differential attack on their own, it should be noted that when used in conjunction with other non-linear 99 functions (such as modular addition), the cipher as a whole becomes infeasible to attack. 100 Internal Round Functions 101 SEAL’s internal round functions in and of themselves are not secure as only the first chunk is technically 102 kept a secret via the XOR. However, when used in a group of 4, the entire block is permuted and cannot 103 easily be recovered despite the fact that intermediary computations can be trivially found if the ciphertext 104 output is known. This is best articulated using a 1x4 matrix which represents the outputted permuted 105 block, a 4x4 matrix which represents the states of the various XOR and ADD nodes for each internal 106 round, and a final 1x4 matrix which represents the original inputted plaintext block. For demonstration 107 purposes, the matrices below will only contain 8-bit values and the circular shifts will be by 3 bits instead 108 of 11. C Round1−4 P 2ab3 2ab a0 c2 5c3 2xx3 6167 616 d6 e4 xx7 6xx7 6 7 ( 6 7 ( 6 7 4995 499 b f xx xx5 4xx5 f 2 f 2 xx xx xx xx Figure 2.
Load more

Recommended publications
  • Breaking Crypto Without Keys: Analyzing Data in Web Applications Chris Eng
    Breaking Crypto Without Keys: Analyzing Data in Web Applications Chris Eng 1 Introduction – Chris Eng _ Director of Security Services, Veracode _ Former occupations . 2000-2006: Senior Consulting Services Technical Lead with Symantec Professional Services (@stake up until October 2004) . 1998-2000: US Department of Defense _ Primary areas of expertise . Web Application Penetration Testing . Network Penetration Testing . Product (COTS) Penetration Testing . Exploit Development (well, a long time ago...) _ Lead developer for @stake’s now-extinct WebProxy tool 2 Assumptions _ This talk is aimed primarily at penetration testers but should also be useful for developers to understand how your application might be vulnerable _ Assumes basic understanding of cryptographic terms but requires no understanding of the underlying math, etc. 3 Agenda 1 Problem Statement 2 Crypto Refresher 3 Analysis Techniques 4 Case Studies 5 Q & A 4 Problem Statement 5 Problem Statement _ What do you do when you encounter unknown data in web applications? . Cookies . Hidden fields . GET/POST parameters _ How can you tell if something is encrypted or trivially encoded? _ How much do I really have to know about cryptography in order to exploit implementation weaknesses? 6 Goals _ Understand some basic techniques for analyzing and breaking down unknown data _ Understand and recognize characteristics of bad crypto implementations _ Apply techniques to real-world penetration tests 7 Crypto Refresher 8 Types of Ciphers _ Block Cipher . Operates on fixed-length groups of bits, called blocks . Block sizes vary depending on the algorithm (most algorithms support several different block sizes) . Several different modes of operation for encrypting messages longer than the basic block size .
    [Show full text]
  • SGX Secure Enclaves in Practice Security and Crypto Review
    SGX Secure Enclaves in Practice Security and Crypto Review JP Aumasson, Luis Merino This talk ● First SGX review from real hardware and SDK ● Revealing undocumented parts of SGX ● Tool and application releases Props Victor Costan (MIT) Shay Gueron (Intel) Simon Johnson (Intel) Samuel Neves (Uni Coimbra) Joanna Rutkowska (Invisible Things Lab) Arrigo Triulzi Dan Zimmerman (Intel) Kudelski Security for supporting this research Agenda .theory What's SGX, how secure is it? .practice Developing for SGX on Windows and Linux .theory Cryptography schemes and implementations .practice Our projects: reencryption, metadata extraction What's SGX, how secure is it? New instruction set in Skylake Intel CPUs since autumn 2015 SGX as a reverse sandbox Protects enclaves of code/data from ● Operating System, or hypervisor ● BIOS, firmware, drivers ● System Management Mode (SMM) ○ aka ring -2 ○ Software “between BIOS and OS” ● Intel Management Engine (ME) ○ aka ring -3 ○ “CPU in the CPU” ● By extension, any remote attack = reverse sandbox Simplified workflow 1. Write enclave program (no secrets) 2. Get it attested (signed, bound to a CPU) 3. Provision secrets, from a remote client 4. Run enclave program in the CPU 5. Get the result, and a proof that it's the result of the intended computation Example: make reverse engineer impossible 1. Enclave generates a key pair a. Seals the private key b. Shares the public key with the authenticated client 2. Client sends code encrypted with the enclave's public key 3. CPU decrypts the code and executes it A trusted
    [Show full text]
  • Bias in the LEVIATHAN Stream Cipher
    Bias in the LEVIATHAN Stream Cipher Paul Crowley1? and Stefan Lucks2?? 1 cryptolabs Amsterdam [email protected] 2 University of Mannheim [email protected] Abstract. We show two methods of distinguishing the LEVIATHAN stream cipher from a random stream using 236 bytes of output and pro- portional effort; both arise from compression within the cipher. The first models the cipher as two random functions in sequence, and shows that the probability of a collision in 64-bit output blocks is doubled as a re- sult; the second shows artifacts where the same inputs are presented to the key-dependent S-boxes in the final stage of the cipher for two suc- cessive outputs. Both distinguishers are demonstrated with experiments on a reduced variant of the cipher. 1 Introduction LEVIATHAN [5] is a stream cipher proposed by David McGrew and Scott Fluhrer for the NESSIE project [6]. Like most stream ciphers, it maps a key onto a pseudorandom keystream that can be XORed with the plaintext to generate the ciphertext. But it is unusual in that the keystream need not be generated in strict order from byte 0 onwards; arbitrary ranges of the keystream may be generated efficiently without the cost of generating and discarding all prior val- ues. In other words, the keystream is “seekable”. This property allows data from any part of a large encrypted file to be retrieved efficiently, without decrypting the whole file prior to the desired point; it is also useful for applications such as IPsec [2]. Other stream ciphers with this property include block ciphers in CTR mode [3].
    [Show full text]
  • RC4-2S: RC4 Stream Cipher with Two State Tables
    RC4-2S: RC4 Stream Cipher with Two State Tables Maytham M. Hammood, Kenji Yoshigoe and Ali M. Sagheer Abstract One of the most important symmetric cryptographic algorithms is Rivest Cipher 4 (RC4) stream cipher which can be applied to many security applications in real time security. However, RC4 cipher shows some weaknesses including a correlation problem between the public known outputs of the internal state. We propose RC4 stream cipher with two state tables (RC4-2S) as an enhancement to RC4. RC4-2S stream cipher system solves the correlation problem between the public known outputs of the internal state using permutation between state 1 (S1) and state 2 (S2). Furthermore, key generation time of the RC4-2S is faster than that of the original RC4 due to less number of operations per a key generation required by the former. The experimental results confirm that the output streams generated by the RC4-2S are more random than that generated by RC4 while requiring less time than RC4. Moreover, RC4-2S’s high resistivity protects against many attacks vulnerable to RC4 and solves several weaknesses of RC4 such as distinguishing attack. Keywords Stream cipher Á RC4 Á Pseudo-random number generator This work is based in part, upon research supported by the National Science Foundation (under Grant Nos. CNS-0855248 and EPS-0918970). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author (s) and do not necessarily reflect the views of the funding agencies or those of the employers. M. M. Hammood Applied Science, University of Arkansas at Little Rock, Little Rock, USA e-mail: [email protected] K.
    [Show full text]
  • A Software-Optimized Encryption Algorithm
    To app ear in J of CryptologyFull version of Last revised Septemb er A SoftwareOptimized Encryption Algorithm Phillip Rogaway and Don Copp ersmith Department of Computer Science Engineering I I Buildin g University of California Davis CA USA rogawaycsucdavisedu IBM TJ Watson ResearchCenter PO Box Yorktown Heights NY USA copp erwatsonibmcom Abstract We describ e a softwareecient encryption algorithm named SEAL Computational cost on a mo dern bit pro cessor is ab out clo ck cycles p er byte of text The cipher is a pseudorandom function family under control of a key rst prepro cessed into an internal table it stretches a bit p osition index into a long pseudorandom string This string can b e used as the keystream of a Vernam cipher Key words Cryptography Encryption Fast encryption Pseudoran dom function family Software encryption Stream cipher Intro duction Encrypting Fast In Software Encryption must often b e p erformed at high data rates a requirement sometimes met with the help of supp orting crypto graphic hardware Unfortunately cryptographic hardware is often absent and data condentiality is sacriced b ecause the cost of software cryptographyis deemed to b e excessive The computational cost of software cryptography is a function of the under y of its implementation But regardless of imple lying algorithm and the qualit mentation a cryptographic algorithm designed to run well in hardware will not p erform in software as well as an algorithm optimized for software execution The hardwareoriented Data Encryption Algorithm DES
    [Show full text]
  • Classic Cryptosystems Key Points Modulo Operation Ring Division
    3/1/2014 Ring RRiinngg ZZmm iiss:: ––SetSet of integers: ZZ =={{00,,11,,22,,……,,mm--11}} Classic Cryptosystems mm ––TwoTwo operation: “+” and “ ××”” →→ ≡≡ ∈∈ ““++”” a + b c mod m (c ZZmm)) ×× →→ ×× ≡≡ ∈∈ ““ ” a b d mod m (d ZZmm)) Example: –– m = 77,, ZZ77=={{00,,11,,22,,33,,44,,55,,66}} 66 ++ 55 == 1111 mod 77 == 44 6 ×× 55 == 3300 mod 77 == 22 6622//٤٤ ١١ Key Points Ring Z mm Properties & Operations Field: set of elements with + & * IdentityIdentity:: additive ‘‘00’’ , multiplicative ‘11’’‘ Modular Arithmetic: reduces all aa++00=a=a , ,a ××a11=a=a mod m numbers to fixed set [[00……nn--11]] InverseInverse:: additive ‘--a’,‘ a’, multiplicative ‘a --11’’ GCD: largest positive integer dividing aa++((--aa))==00mod mod m, m, a ××a aa--11 ==11 mod m Finite Field: finite number of elements Multiplicative inverse exist if gcd (a,m) = 11 n Order Finite Field: power of a prime PP Ring Addition and Multiplication is: where n = integer ClosedClosed,, Commutative,Commutative , Associative Finite Field: of order p can be defined using normal arithmetic mod p 6622//٥٥ 6622//٢٢ Modulo Operation Division on Ring ZZmm QQ::WhatWhat is 1122 mod 99?? Ring Division: 44//1155 mod 2266?????? AA::1122 mod 9 ≡≡33 44//1155 mod 2266 == 44 ×× 1155--11 mod 2266 LLeett a,r,m ∈∈ ΖΖ 1155--11 mod 2266existexist if gcd(1155,,2266))==11gcd( 1155--11 mod 2266 == 77 ((Ζ = set of all integers ) and mm >>00.. 44//1155 mod 2266 == 44××7 mod 2266 == 2288 mod 2266==22 We write r ≡ a mod m if m ––rr divides aa.. Note that the modulo operation can be applied mm is called the modulus.
    [Show full text]
  • Read Paper (In PDF)
    The Performance Measurement of Cryptographic Primitives on Palm Devices £ Duncan S. Wong, Hector Ho Fuentes and Agnes H. Chan College of Computer Science Northeastern University Boston, MA 02115, USA g fswong, hhofuent, ahchan @ccs.neu.edu Abstract which take only a few milliseconds or less and are widely used in securing data, performing authentication and in- We developed and evaluated several cryptographic sys- tegrity check on desktop machines, may spend seconds or tem libraries for Palm OS Ö which include stream and even minutes to carry out on a PalmPilot. Furthermore, the block ciphers, hash functions and multiple-precision integer memory space on low-power handheld devices are usually arithmetic operations. We noted that the encryption speed limited which may also introduce new challenges on the im- of SSC2 outperforms both ARC4 (Alleged RC4) and SEAL plementation of cryptosystems. Hence it is critical for users 3.0 if the plaintext is small. On the other hand, SEAL 3.0 to choose appropriate algorithms for the implementation of almost doubles the speed of SSC2 when the plaintext is con- cryptosystems on low-power devices. siderably large. We also observed that the optimized Rijn- We developed several cryptographic system libraries for dael with 8KB of lookup tables is 4 times faster than DES. Palm OS which include the following algorithms: In addition, our results show that implementing the cryp- tographic algorithms as system libraries does not degrade Stream Ciphers We tested the encryption speed of three their performance significantly. Instead, they provide great stream ciphers: SSC2 [11], ARC4 (Alleged RC4)1 and flexibility and code management to the algorithms.
    [Show full text]
  • 1 Stream Ciphers Vs. Block Ciphers
    CS 127/CSCI E-127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Lecture Notes 13: Private-Key Encryption in Practice Reading. • KatzLindell 2nd edition 3.6,6.0,6.2.0-6.2.3,6.2.5 or 1st edition 3.6,5.0,5.2.0-5.2.3,5.2.5 1 Stream Ciphers vs. Block Ciphers • In practice, people use direct constructions of candidate stream ciphers (PRGs with unbounded output length) and block ciphers (like PRFs, discussed below). typically designed for xed nite key length n (not asymptotic) much faster than the full constructions we've seen based on one-way functions, hardness of factoring, etc. designed with aim of having brute-force search being the best attack (so secure against algorithms running in time nearly 2n) but design and security analysis is more of an art than a science • Stream Ciphers Essentially meant to be pseudorandom generators, used for stateful encryption. Examples: linear feedback shift registers (not secure, but used as component in better stream ciphers), RC4, SEAL, ... Extremely simple and fast Practical issues: can generate pseudorandom bits oine and decrypt very quickly without buering, but requires synchronization • Block ciphers For every key n, ` ` is a permutation, and both and −1 k 2 f0; 1g fk : f0; 1g ! f0; 1g fk fk can be computed quickly given k.(n=key length, ` = block length) Examples: DES, AES/Rijndael, IDEA, ... Main tools for private-key encryption in practice. Have both stateless modes and stateful/stream-like modes. • How are they designed? More of an art than science.
    [Show full text]
  • Classic Cryptosystems
    Classic Cryptosystems ١ ١ Key Points Field: set of elements with + & * Modular Arithmetic: reduces all numbers to fixed set [[00…n…n--11]] GCD: largest positive integer dividing Finite Field: finite number of elements Order Finite Field: power of a prime Pn where n = integer Finite Field: of order p can be defined using normal arithmetic mod p 6262//٢٢ Modulo Operation Q: What is 12 mod 9??9 A: 12 mod 9 ≡3≡3 Let a,r,m ∈ Ζ ((Ζ = set of all integers ) and m >0.. We write r ≡ a mod m if m––rr divides a.. m is called the modulus. rr is called the remainder. q · a = m --rr 0 ≤ r< m 6262//٣٣ Ring Ring Zm is: – Set of integers: Zm={00,,11,,22,…,m,…,m--11}} – Two operation: “+” and “ ××”” → ≡≡ ∈ “+” a + b c mod m (c Zmm)) ×× → ×× ≡≡ ∈ ““ ” a b d mod m (d Zmm)) Example: – m = 7,7, Z77={00,,11,,22,,33,,44,,55,,66}} 6 + 5 = 11 mod 7 = 44 6 ×× 5 = 30 mod 7 = 22 6262//٤٤ Ring Zm Properties & Operations Identity: additive ‘‘00’’ , multiplicative ‘1‘ 1’’ a+00=a=a , a××11=a=a mod m Inverse: additive ‘‘--a’,a’, multiplicative ‘a--11’’ a+( --a)=0 mod m, a×× a--11 =1 mod m Multiplicative inverse exist if gcd (a,m) = 1 Ring Addition and Multiplication is: Closed, Commutative, Associative 6262//٥٥ Division on Ring Zm Ring Division: 44//1515 mod 26??? 44//1515 mod 26 = 4 ×× 1515 --11 mod 2626 1515 --11 mod 2626exist if gcd(1515,,2626)=gcd( )=11 1515 --11 mod 26 = 7 4//15 mod 26 = 4××7 mod 26 = 28 mod 26=2 Note that the modulo operation can be applied whenever we want: (a + b) mod m = [(a mod m)+ (b mod m)] mod m (a ×× b) mod m = [(a mod m) ×× (b mod m)] mod m 6262//٦٦ Exponentiation in Zm Ring Exponentiation: 338 mod 7 =??? 338 mod 7 = 6561 mod 77 6561 mod 7 = 2 → 65616561=(=(937937 ××77)+)+22 Or = 3388 = 3344××3344= 3322××3322××3322××3322 338 mod 7 = [( 332 mod 77))××((332 mod 77)) ××((332 mod 77)) ××((332 mod 77)])] mod 77 338 mod 7 = (2( 2 ×× 2 ×× 2 ×× 22)) mod 7 = 16 mod 77==22 Note that ring Ζmm (modulo arithmetic) is of central importance to modern publicpublic--keykey cryptography.
    [Show full text]
  • Symmetric Cryptography
    University of Karlsruhe Advanced Systems Seminar Summer Term 2003 Symmetric Cryptography Daniel Grund 2003/07/01 Abstract Making systems secure is becoming more and more important nowadays. In most cases, isolation of sensitive data is not possible and systems therefore rely on cryptography for secure storage or transmission. This document will focus on classic cryptography, also called symmetric or secret key cryptogra- phy. It will present general concepts and some examples, allowing the reader to get a more detailed view of the internal work of ciphers. It will not discuss cryptanalysis. Key Words: Stream Cipher, Block Cipher, DES, AES, One Time Pad, Electronic Code Book, Cipher Block Chaining, Output Feedback, Cipher Feedback Contents 1 Introduction 3 1.1 Stream Ciphers .......................... 3 1.2 Block Ciphers ........................... 4 2 Operation modes 5 2.1 Synchronous ............................ 5 2.2 Asynchronous ........................... 6 2.3 Electronic Code Book ....................... 6 2.4 Cipher Block Chaining ...................... 6 2.5 Output Feedback ......................... 7 2.6 Cipher Feedback ......................... 7 2.7 Comparsion ............................ 8 3 Examples 10 3.1 DES ................................ 10 3.1.1 History ........................... 10 3.1.2 The Algorithm ...................... 11 3.1.3 Key Expansion ...................... 11 3.1.4 Initial Permutation .................... 11 3.1.5 A DES Round ....................... 11 3.1.6 The Round Function ................... 12 3.1.7 Decryption ........................ 13 3.1.8 Security of DES ...................... 13 3.1.9 Improvements on DES .................. 13 3.2 AES ................................ 14 3.2.1 History ........................... 14 3.2.2 The Algorithm ...................... 14 3.2.3 Key Schedule ....................... 14 3.2.4 The Round Transformation ............... 15 3.2.5 ByteSub .......................... 15 3.2.6 ShiftRow .........................
    [Show full text]
  • SNOW - a New Stream Cipher?
    SNOW - a new stream cipher? Patrik Ekdahl, Thomas Johansson Dept. of Information Technology Lund University, P.O. Box 118, 221 00 Lund, Sweden {patrik,thomas}@it.lth.se November 22, 2001 Abstract. In this paper a new word-oriented stream cipher, called SNOW, is proposed. The design of the cipher is quite simple, consisting of a linear feedback shift register, feeding a nite state machine. The design goals of producing a stream cipher signicantly faster than AES, with signicantly lower implementation costs in hardware, and a security level similar to AES is currently met. Our fastest C implemen- tation requires under 1 clock cycle per running key bit. The best attacks are generic attacks like an exhaustive key search attack. Keywords. SNOW, Stream ciphers, summation combiner, correlation attacks. 1 Introduction Cipher systems are usually subdivided into block ciphers and stream ciphers. Block ciphers tend to simultaneously encrypt groups of characters, whereas stream ciphers operate on individual characters of a plaintext message one at a time. A binary additive stream cipher is a synchronous stream cipher in which the keystream, the plaintext and the ciphertext are sequences of binary digits. The output of the keystream generator, called the running key, z(1); z(2);::: is added symbolwise to the plaintext sequence m(1); m(2);:::, producing the ciphertext c(1); c(2);:::. Each secret key k as input to the keystream generator corresponds to an output sequence. Since the secret key k is shared between the transmitter and the receiver, the receiver can decrypt by subtracting the output of the keystream generator from the ciphertext, obtaining the message sequence.
    [Show full text]
  • Enhancing Security and Speed of RC4
    International Journal of Computing and Network Technology ISSN 2210-1519 Int. J. Com. Net. Teach. 3, No. 2 (May 2015) Enhancing Security and Speed of RC4 Maytham M. Hammood1, 2, Kenji Yoshigoe1and Ali M. Sagheer3 1 Department of Computer Science, University of Arkansas at Little Rock, Little Rock, USA 2Department of Computer Science and Mathematics, University of Tikrit, Iraq 3Computer College, University of Anbar, Iraq Received: 10 Dec. 2014, Revised: 15 March, 2015, Accepted: 1 April 2015, Published: 1 (May) 2015 Abstract: Wireless communication security is a critical factor for secure communication among large scale of wireless networks. A limited resource constraint, such as power and memory size presents a significant challenge to implement existing cryptographic algorithms. One of the most important symmetric cryptographic algorithms is Rivest Cipher 4 (RC4) stream cipherthatis utilized in many real-time security applications. However, the RC4 cipher shows some weaknesses, including a correlation problem between the public known outputs of the internal state. In this paper, we propose RC4 stream cipher with a random initial state (RRC4) to solve the weak keys problem of the RC4 using a random initialization of internal state S. We also propose RC4 stream cipher with two state tables (RC4-2S) to solve the correlation problem between the public known outputs of the internal state using permutation between state1 (S1) and state 2 (S2) while requiring less time than RC4. Finally, we propose RC4 stream cipher with two state tables togenerate four keys (RC4-2S+) in each cycle which further enhances randomness overRC4-2S and RRC4. Keywords: Encryption, Stream Cipher, RC4, Random Number Generator attack can cause immediate loss of synchronization [3].
    [Show full text]